· Real-Time Intrusion Detection with Emphasis on Insider Attacks
(completed). We have
worked on a novel security system based on the encapsulation of
the owner's intent, which can be readily used as a concise reference
for monitoring intrusions. Moving away from the traditional
method of detecting intrusions through low-level network and
other resource audits to a much higher level yields a
semantic perspective of what the user wants to accomplish. By
actively querying the user for his intent, one will be able to
build a small and manageable set of assertions so that the
search space is more focused and the system is able to respond
faster, make fewer mistakes and scale well.
o Graduate Students: R. Chinchani (Ph.D., May 2005), A. Muthukrishnan (M.S., June 2004), M. Chandrasekaran (M.S., June 2004); Under Supervision of Shambhu Upadhyaya
o Publications: IWIA 2003, ACSAC 2004, Managing Cyber Threats, Springer 2005
o Funding Agency: DARPA (2003-05), AFRL (2000-06)
· Event Correlation for Cyber Attack Recognition Systems (completed).
We have developed a
demonstrable software-system prototype that is capable of fusing
performance and event data coming from various intrusion
detection and network management subsystems typically used in
information infrastructures with data derived from textual, open
sources to give the security analyst a broad interpretation of
what is going on in his system, and what the motivation might be
behind an attack. The fusion process involves adaptive logic
that produces feedback information that can also be used to
modulate the network and open-source sensors to increase their
effectiveness. This research involves graph theoretic approaches
to threat assessment, fusion and sensor management.
o Graduate Students: S. Mathew (Ph.D. expected June 2009) and C. Shah (M.S., Jan. 2005); Under Supervision of Shambhu Upadhyaya, Moise Sudit, Jim Llinas
o Publications: IWIA 2005, SIMA 2005, VizSec 2006
o Funding Agency: ARDA (2004-06), AFRL (2004-06)
· Protecting Documents from Insider Threat – A Multiphase Approach
(completed). This
project has developed a comprehensive document control and
management system through several innovative schemes for secure
access, on-line monitoring and support for log-based forensics.
The uniqueness of the approach is the security consideration
throughout the life cycle of a document, viz., pre-document
access phase, mid-document access phase and post-document access
phase. We have applied the concept of user profiling, document
profiling and role-based access control mechanisms to accomplish
the goals. The outcomes of this research are: more accurate
modeling and mitigation of insider threat (graph-based),
protection against subversion/circumvention of the monitoring
mechanism itself (structural knowledge) and post-attack
trace-back for attack identification (forensics) as applicable
to the realm of document control.
o Graduate Students: S. Pramanik (Ph.D., Aug. 2007), S. Vidyaraman (Ph.D., Feb. 2008), N. Shah (M.S., June 2004), A. Garg (Ph.D., June 2006); Under Supervision of Shambhu Upadhyaya
o Publications: IA Symposium 2004, ACSAC 2004, IA Symposium 2006, ICC 2006
o Funding Agency: ARDA (2003-05)
· Game Theoretic User-Centered Security Design Techniques (completed).
The field of security has
many theories that are both sound and complete, yet their
implementation is of concern in modern-day systems. The game
theoretic models developed in this project take into account the
preferences of the users and the goals of the system/security
mechanism; each of the models is tuned towards the goal of
providing a technically meaningful solution by actively
involving the users in the loop. This project is a major step
forward in solving the decade-old problem of the weak human
factor that has received little technical attention beyond mere
education of users.
o Graduate Students: S. Vidyaraman (Ph.D., June 2008); Under Supervision of Shambhu Upadhyaya
o Publications: iTrust 2006, Ubisafe 2007, ESORICS 2007
o Funding Agency: Air Force Research Laboratory (2004-08)
· Defect and Fault Modeling of RF Circuits (completed).
A number of problems in the VLSI Testing area are better addressed by
empirical studies and simulation. Defect-based testing is
now recognized as a very effective test approach for deep
sub-micron integration technology due to its ability to focus on
realistic faults. In this research, we have looked at front-end
RF components and, with the help of layout-level analysis tools,
conducted empirical analysis to model realistic failures. This
research has involved the defect analysis and fault model
extensions of both active and passive circuit elements.
o Graduate Students: K. Sundararaman (M.S., May 2004), R. Bhowmick (M.S., June 2005), S. Gopalakrishnan (Dec. 2006); Under Supervision of Shambhu Upadhyaya
o Publications: ISQED 2004, NATW 2004, DFTS 2006, Jetta 2008
o Funding Agency: SRC, Microelectronics Design Center, University of Rochester (2003-06)
· Modeling Insider Threats and Reasoning about Intrusions. We
have developed a theory of insider threat assessment. This is
the first such work to systematically and specifically
address insider threat. The team has developed a modeling
methodology which captures several aspects of insider threat,
and subsequently makes an assessment to reveal possible attack
strategies of an insider in an organization.
o Graduate Students: R. Chinchani (Ph.D., May 2005), S. Pramanik (Ph.D., Aug. 2007), S. Mathew (Ph.D., expected June 2009); Under Supervision of Shambhu Upadhyaya and Hung Ngo
o Publications: JCO 2005, DSN 2005, Fusion 2008
o Funding Agency: DARPA (2004-05)
· A Behavior Based Methodology to Mitigate Internet Attacks.
In this project, a unified
behavior-based framework for mitigating Internet-based threats
is being developed. The main goal of this research is to develop
an attack-agnostic framework to address all facets of security –
viz. attack protection, detection, response and forensics. The
impact of this research is a set of solutions to mitigate the
common Internet-based threats – phishing, zero-day attacks,
spyware and information leak.
o Graduate Students: M. Chandrasekaran (Ph.D., expected Dec. 2008), N. Pulera (M.S., June 2008), H. Alkebulan (M.S., expected Dec. 2008); Under Supervision of Shambhu Upadhyaya
o Publications: Ubisafe 2006, Malware 2007 (Best Paper Award)
o Funding Agency: DoD (2007-08)
· Secure, Robust and Trusted Communications in Wireless Networks.
In this project, we adopt a
"data-first" approach for improving robustness and security
guarantees in wireless communications: it provides solutions for
robust data delivery under several threat and failure models
associated with diverse network settings. The emphasis is on
mitigating risks from exploits that target open-air properties
of the wireless media. Two parallel streams of work address
dominant data communication and design issues in Wireless Data
Networks (WDNs, which include Mobile Ad-hoc and Wireless Mesh
Networks) and Wireless Sensor Networks (WSNs).
o Graduate Students: M. Virendra (Ph.D., June 2008), R. Mehresh (M.S., expected June 2009); Under Supervision of Shambhu Upadhyaya
o Publications: KIMAS 2005, SKM 2006, ICC 2007, MMM-ACNS 2007
o Funding Agency: Air Force Research Laboratory (2007-09)
· Accelerating Techniques for Rapid Mitigation of Phishing and Spam Emails.
Phishing scams pose a
serious threat to end users and commercial institutions alike.
Current software-based solutions that operate in application
space to detect such emails cannot be implemented on end users'
local computers due to the computational overhead involved with
the associated feature selection and data mining algorithms. To
overcome these limitations, we aim at detecting phishing attacks
based on the semantic and structural properties present in the
content of the phishing emails. Our solution is hardware-based,
and for this purpose we will implement some basic theories such
as Simulated Annealing, Bayesian Learning, and Associative Rule
Mining in hardware by exploiting the inbuilt pipelining,
scheduling and other accelerator capabilities and the micro
engines of the Tolapai processor.
o Graduate Students: M. Chandrasekaran (Ph.D., expected Dec. 2008); Under Supervision of Shambhu Upadhyaya
o Funding Agency: Intel Corporation (2008-09)
· Security and Robustness of Localization Techniques for Emergency Sensor
Networks. Recent
advances in radio and processor technology have led to the rise
of Wireless Sensor Networks (WSN) as a reliable and
cost-effective tool for real-time information gathering and
analysis tasks during emergency scenarios such as natural
disasters, terrorist attacks, military conflicts, etc.
Post-deployment localization is extremely important and
necessary in such applications. However, current distributed
localization approaches are not designed for such highly hostile
and dynamic network conditions. This project studies the adverse
effects of factors like cheating beacon node behavior, node
disablement and measurement inconsistencies on the corresponding
localization protocols and attempts to provide simple and
efficient solutions, both in terms of computation and resource
requirements, to overcome each of these problems.
o Graduate Students: M. Jadliwala (Ph.D., Sept. 2008); Under Supervision of Shambhu Upadhyaya
o Publications: IJSNET 2007, SRDS 2007, INFOCOM 2008
o Funding Agency: Currently Not Funded